1. Connect to a VPN

Before changing your password, connect to a secure VPN client. Your company may already have a VPN network set up for remote employees to safely access the company network. If not, consider using a trusted virtual private network service to securely connect to the internet.

If you forget this step, your password will change on your PC but may not change across the system or network. That will cause you to get an incorrect password error the next time you try to log in.  You’ll also be unable to log in to email and other apps that use your Windows password.

2. Change Your Password

Once you’re connected to a VPN, you’re ready to reset your password. We encourage you to choose one with some complexity. You must use several characters; the exact number depends on your company’s policy. The system will prompt you to choose a new password if the one you selected is not long or complex enough.

Here are some guidelines to help you create a secure password:

• Use a mix of uppercase and lowercase letters
• Include numbers and special characters
• Avoid using personal information like your name or birthdate
• Do not reuse passwords from one site or application to another—they should ALL be unique and difficult to guess

3. Update Password on All Devices

Don’t forget to update passwords on all of your devices! Many people make the mistake of only changing their password on their work computer and forgetting about tablets, phones, and other devices that also need access to the network. This step is crucial to avoid any login issues or potential security breaches.

Regularly updating your passwords across all devices not only enhances security but also helps keep your personal and professional information safe from unauthorized access. To remember this step, you could schedule password updates on your calendar or set a reminder on your phone.

5. Consider Using a Password Manager

If you’re having trouble keeping track of all your different passwords, consider using a password manager. These tools securely store and generate complex passwords for all your accounts, making it easier for you to maintain strong and unique passwords without the hassle of remembering them. Plus, they often include features like password sharing and security audits.

The most common password managers used in businesses are:

• LastPass
• NordPass
• 1Password
• Dashlane
• RoboForm

6. Set Up Multi-Factor Authentication

To further enhance your account security, consider setting up multi-factor authentication. This requires an additional form of verification, such as a code sent to your phone or touch ID, before accessing your account.

The extra layer of protection (especially if it’s bio-metric) makes it nearly impossible for hackers to access your account even if they have your password. More and more businesses are adopting multi-factor authentication as a standard security measure, so it’s worth investing in now.

7. Test for Functionality

Once you have changed the password on all devices, added any additional security features, and saved it somewhere safe, log out of your computer and back in using your newly created password to verify it’s working. If you still encounter any issues or have questions about the process, don’t hesitate to contact your IT support team immediately for assistance.

Gain Unmatched Network Security With Thrive

Changing your password remotely may seem less secure than in a typical office setting, but by following these steps and taking extra precautions, you can ensure your accounts remain secure. At Thrive, we specialize in providing the highest quality network security solutions for businesses of all sizes. Protect your valuable data and confidential information by partnering with us today.

*Disclaimer – These steps are general best practices but your organization may have different processes in place. Please be sure to adhere to your company’s policies.

The post 7 Simple Steps to Change Your Password Remotely appeared first on Thrive.

“Those who fail to learn from history are condemned to repeat it.”

It is critical to learn from yesterday’s vulnerabilities before they become tomorrow’s hacks. It is through this lens that we look back on some of 2019’s worst hacks and vulnerabilities.

BlueKeep Vulnerability

On May 14^th Microsoft revealed a security vulnerability so severe that it took the unusual step of releasing a patch for Operating Systems which it no longer supports. The remote desktop vulnerability known as BlueKeep impacts Windows XP, Windows 7, Windows Server 2003, Windows Server 2008 and Windows Server 2008 R2. The vulnerability requires no interaction from an end user so once a machine is infected it can quickly spread to other vulnerable systems within the network.

It is imperative that organizations not only employ automated patch management solutions, but also have the capacity to audit and report on patch deployments. With Windows 7 and 2008 reaching their end of life date on January 14, 2020, it’s important to replace them with modern operating systems like Windows 10 and Windows Server 2019.

Amazon S3 Bucket Leaks

2019 was a year of massive data leaks affecting companies such as Capital One, Netflix, TD Bank and Ford. These leaks occurred when bad actors discovered misconfigurations that allowed public access to data stored within Amazon Web Services, or AWS.

The public Cloud is a powerful resource that has and will continue to transform all facets of technology. However, many organizations lack the internal expertise to deploy a public Cloud solution that adheres to cyber security and data integrity best practices. A trusted partner like Thrive has teams of dedicated Cloud professionals that can help organizations develop a Cloud migration strategy that securely meets business goals.

NASA Hack Due to an Unauthorized Device

A report published in 2019 detailed a breach of NASA’s Jet Propulsion Lab (JPL) that resulted from an unauthorized device connected to its network. Hackers used the device to gain deeper access into the JPL networks and steal sensitive data related to the Mars rover missions.

Several cyber security best practices could have helped to prevent this hack.

• Network Access Control (NAC) solution: A NAC can automatically segregate unauthorized devices into an isolated network.
• Implement Proper Network Segmentation: Proper network segmentation can contain the breach and prevent a compromised device from gaining access to other resources.
• Security information and event management (SIEM) solution: Once a device begins attacking the network a SIEM can detect the activity and alert the appropriate IT resources.

Protect your business from 2019’s vulnerabilities and defend your data from 2020’s hacks. Contact Thrive today to learn about the best solutions to compliment your cyber security platform.

The post How to Protect Your Business from 2019’s Worst Hacks and Vulnerabilities appeared first on Thrive.

Logic Apps Custom Connector Walkthrough

For this simple example, I’ll use openweathermap.org. It’s free, but does require registration to get an authorization key. I promised not to give you mine, so you’ll have to sign up and get your own. It’s easy, and I’ve yet to see any spam from them. After you’ve done that, I encourage you to take 10-minutes and follow along!

1. Log into https://portal.azure.com
   1. Maybe I should have mentioned that you’ll need access to Azure. If you don’t have access, they have a trial subscription. Oh, and Thrive resells and helps navigate and manage your Azure environment
2. On the left navigation pane, click All services, then use the filter field to find “Logic apps”
   1. Tip: click the star next to Logic apps to add it as a favorite to your left navigation pane
      1. You might as well add Logic apps Custom Connector too since it comes up in this search. Want to get crazy? Filter for “API Connections” and “On-premises Data Gateways” too and add those to favorites for later
   2. If you followed my tip, you’ll now have 4 new items at the bottom of your left navigation pane. You can drag those up or down if it scratches an OCD itch
      
3. Create a Custom Connector
   1. Now click on Logic apps Custom Connector in the left navigation pane, then click the + Add button at the top of the Logic apps pane
      1. Name is the name. It does not accept spaces. I called mine “BlogWeatherMap”
      2. Subscription is auto filled
      3. Resource group is a container of associated Azure services. For this test, I’d create a new one, unless you already have a test resource group you’d rather use
      4. Location is a data center or cluster of data centers somewhere in the world. I chose East US 2 because I bet the first one is up by Boston and NY, and I work way south of those places
      5. Create button: click. Then wait a while for it provision. You’ll see a notification that it’s finished, then you need to refresh the Logic apps list to see it
   2. Click the new connector you just created once you see it on the list
   3. Click the Edit link at the top of the app pane. Here’s where it gets interesting
   4. The first section invites you to reference an OpenAPI (Swagger) document or Postman collection for REST, or WSDL document for SOAP. I’ve attached an OpenAPI file that you can use so you don’t have to manually complete the rest of the setup. However, note an important point: you don’t have to. As I’m about to show you, the rest of the forms in the Custom Connector setup allow you to describe the API manually in case you don’t have a Swagger or other document for your API. In fact, when you’re done, you can download the results as a Swagger document! (how do you think I created the attached?)
      
   5. Select the REST and Upload options as pictured above, then use the blue folder button to navigate to the downloaded and unzipped BlogWeatherMap.swagger.json from this blog. Then click Update connector
   6. I’ll save you and me the trouble of looking at every field that just got populated by the Swagger document, but be sure to at least take a look at the following:
      1. Host is the URL, using the Scheme selected above it
      2. Base URL is the path to the resource at the host we’re calling
      3. On the Security page, there’s no authentication for this service (though there is an “appid” sent as a parameter in the next page)
      4. The Definition page is where the real magic happens
      5. Under Actions, note that there is a GetWeatherByZip and + New action button
      6. In the General area for the GetWeatherByZip action is how you describe the action in the catalog in Logic apps
      7. In the Request area for the action is where you can see the parameters and documents for interacting with the API. To set them up (without the Swagger), the easiest way is to provide a sample. I’ll show how to try that in just a bit. For now, you need to click on the … by appid to add your authentication key
         
      8. The name must match the parameter defined by the API, but also notice the following:
         1. Default value is where you can put your key so you don’t have to add it every time you reuse this connector
         2. Visibility: advanced will hide the key in Logic apps until you expose advanced options
      9. Now, back to how to setup the request area in the first place. For now, you can’t do it entirely manually, nor would you want to. In a pinch, you could export, edit, and reload the Swagger, but there’s no need to even think about that for this example. Here’s an image of all you need to input to reproduce what you already have (note that the headers pictured are just suggested text superimposed on an empty field. However, those 2 exact headers are a good idea for most REST APIs and would work if you input them here). Also, note that the URL, format can be grabbed from https://openweathermap.org/current, and clicking on the example under By ZIP code
         
      10. If you’ve made any changes (like the default appid) be sure to click Update connector
4. Create a Logic App
   1. Next, click Logic apps in the left navigation pane, then click the + Add button at the top of the apps pane
      1. Name is the name. It does not accept spaces
      2. Subscription is auto filled
      3. Resource group: Use existing and chose the one you created earlier
      4. Location is auto filled based on resource group, because resources in a group should be close together in most cases
      5. Log analytics? OK, if you want to. I’m not for this demo
      6. Click the create button, then wait and refresh as you did for the custom connector
   2. Click the new app you just created once you see it on the list
   3. Click on When a HTTP request is received in the common trigger section of the designer pane
      1. Note the many other options, and a video! These are available every time you start a new Logic app. You can skip the video for now
      2. The HTTP trigger is neat, and very useful, but we’re using it just because it’s also an easy way to test other actions. We can ignore it for now
   4. Click + New step
   5. Search for your brand new Custom Connector! Recall that I named mine “BlogWeatherMap.” Click it once or twice
   6. Input a zip (your zip?) into the zip field
   7. Click Show advanced options. You should see your appid, unless you did not change the default. If not, paste it in now
   8. Click + New step, search for “variable” and click Initialize variable
   9. Name: anything, type: string, value: the name part from Dynamic content (see image). To get it, you just click in the Value field, then click on name in the Dynamic content list. Note that other attributes listed may cause the variable to get wrapped in a for-each construct. There’s a reason, but that would make this blog much longer. For now, trust me and use name
      
   10. Save it and you’re done!
5. Try it out
   1. Click Run up by the Save button
   2. In a few seconds, you should see happy green checkmarks on each of your 3 steps.
   3. Click on the middle step to expand it, then examine the OUTPUTS section. Behold all that weather data!
6. Experiment
   1. If you have a Slack or Teams account, try sending yourself some weather data
      1. If you have a gmail or Outlook online account, you could try that too
   2. What else could you do with all those connectors and weather data?
   3. How might you input zip from something else rather than hardcoding it in the action?

That’s a lot of steps for what turns out to be a pretty easy configuration. I hope it worked for you. Note that you can use this exact technique to describe on-premises APIs as well, and simply couple it with an On-premises Gateway to give secure access to Azure and only Azure.

Further reading and resources:

How to install the on-premises gateway

Make sure to pay attention to the fact that the Azure connection user must be the same as the Logic app user

How to establish a connection to on-premises resources from Logic apps

Make sure to pay attention to the fact that the Azure user must be the same one that setup the Logic app connection on the gateway

If you’re looking to take step one and introduce your organization to an Azure environment, contact Thrive today.

The post Azure Logic Apps: Connectors and REST and SOAP, oh my appeared first on Thrive.

It does not take a monumental catastrophe to disrupt daily operations of a business. Sometimes it can be something as simple as a power outage or intermediate interruptions that result from a storm or an attack instigated by cybercriminals.

Having a business continuity plan in place means arranging to continue to deliver services which are the most critical to business operations and identifying the resources which are needed to support business continuity. In order for a business continuity plan to be effective, there are key critical components that must be present during the planning process.

Business Continuity Planning Organization

When you begin the process for business continuity planning a senior management committee is essential for overseeing the process which includes initiating the necessary steps, planning for implementation, designating the resources, and then continue testing and auditing the business continuity plan. The senior management committee approves the planning structure, identifies the roles of certain individuals, creates the necessary teams responsible for developing and executing the business continuity plan, and prioritizes critical business operations.

Business Impact Analysis

By performing a Business Impact Analysis this helps an organization to identify critical business processes on both the internal and external levels. The identification of these processes initiates prioritization of services to ensure ongoing delivery and fast recovery following a disruption.

Business Impact Analysis must also include an assessment of the impact a disruption will have on service delivery and how long a business can survive without certain services. It is also necessary to identify the services which contribute the most to revenue and then prioritize those services to prevent loss of revenue following a disaster. You must also consider the consumer and the shareholders during a Business Impact Analysis to determine the cost of intangible losses which can result from a disruption.

Business Continuity Detailed Response and Recovery Plan

Following the organization of a senior committee and the completion of a Business Impact Analysis, a business continuity plan should be organized to explain in detail how critical business services will be offered during a period of outage. Each service that is critical to ongoing business operations should be carefully planned in detail and should include identifying all possible threats and risks, recovery processes which are already in place by the organization, and appropriate response to the disruption by teams that are knowledgeable in their area of responsibility and in the event of relocation to an alternate facility.

Training

When the business continuity plan is in place it is necessary to train staff on their specific responsibilities in the event of a disaster. In addition to being trained on their responsibilities, employees should also be aware of other team functions that are associated with their responsibilities. The training should include exercises that set the stage for the disaster recovery environment and prepare the employees for the necessary actions they should take. This includes the proper sequencing of events and response to any external factors which have an impact on the recovery process.

Quality Assurance

Following the training phase, it is necessary to assess the business continuity plan to determine where improvements are needed and to assess the plan for accuracy and effectiveness. This process is known as quality assurance and is performed both on the internal and external level to ensure effectiveness in the event of disruption of services.

If your organization currently does not have a business continuity plan in place now is the time to begin implementation. To obtain assistance with creating a successful business continuity plan feel free to contact Thrive today to speak with one of our experts

The post 5 Key Steps for Implementing a Business Continuity Plan appeared first on Thrive.

As the technology landscape continues to change and evolve at lightning speed, CIOs and CTOs have more on their plates than ever before. For many, spending time on valuable business drivers—the ones that give your business a competitive advantage—takes the backseat to managing and maintaining an IT environment that’s increasingly complex. This challenge is diverse, with many tech leaders needing to oversee everything from vendor management, to rising cyber security concerns, to the many facets associated with maintaining business continuity. And at the end of the day, these tasks leave little time to focus on innovation.

Throughout this blog series, we’ll touch on three major challenges that today’s tech leaders are facing, along with some suggestions to alleviate the burden.  Let’s start with our first challenge: vendor management.

CHALLENGE 1: VENDOR MANAGEMENT 

So Many Vendors, So Little Time

As cloud-based “aaS” solutions explode into the marketplace with a range of affordable, accessible IT solutions, businesses are turning to outside vendors more and more. But for each business, as the number of vendors grows, so does the time and attention needed to manage and monitor them. And this responsibility often falls on the shoulders of already-busy CIOs or CTOs.

Companies large and small are feeling the strain. A single area of IT—take cyber security, for example—alone may require a handful of outside vendors. That’s on top of several other areas where vendor services might be needed, such as web hosting, compliance, disaster recovery and off-site backup, telecoms, hardware maintenance, network … and so the list goes on and on.

A Look at The Numbers

To truly understand the impact of vendor management on today’s IT departments—and how this has changed in recent years—here’s a look at some recent statistics.

• 47% of companies in 2017 said they use more than 10 outside vendors
• 57% say their IT staff spends more time managing vendor relationships than they did two years ago
• 71% of IT leaders state they spend up to half their total budget on external vendors—which doesn’t account for the time and attention spent

Source: Tech Pro Research Survey 

Which Tasks Are Bogging Down Tech Leaders?

While the overarching task of “vendor management” has several moving parts and pieces, we’ve broken it down into three primary areas that pose the most strain on your IT team’s time and resources.

1. Vendor selection. From the sea of cloud vendors, how do you choose the right one? From the moment your organization identifies which IT needs they want to outsource, through your final vendor selection, the process of vetting vendors takes time, diligence and careful consideration to questions that include the following:
   • What is the vendor’s downtime history or record?
   • What level of support can the vendor provide? Can issues be resolved 24x7x365 if needed?
   • Is the vendor reinvesting in emerging technologies to extend to clients and deliver ever increasing value?
   • Is the vendor specialized in your industry-specific applications—for example, compliance for a particular industry vertical?
   • How secure is that vendor’s solution? Is their infrastructure secure and sensitive data well-protected?It’s important to give this selection process careful consideration upfront; otherwise you may spin your wheels with an insufficient vendor before having to repeat this same task down the road, creating an even greater time burden. 

2. Vendor communications/relationship building. After the initial legwork in selecting the right vendor, the ongoing communication and collaboration with those vendors is just as critical—and perhaps even more time-consuming than the vetting process. Also important is continuous collaboration with vendors to take advantage of new offerings, products and desired features that might benefit your organization.According to the CIO Executive Council’s Research Advisory Board, a panel comprised of thirty global CIOs, “Communication is the bedrock of any vendor relationship, and the business-enabling quality that helps drive the success of all other categories.”

3. Using vendors as a strategic partner. Ideally, external vendors can and should provide technical insights that ensure your business is following a strategic path for the future. The optimal vendors can help connect the dots between technology trends and business strategy; ideally, they will rise above the transactional elements to address those business objectives that have been simmering on that back burner for too long. They may even be able to identify industry trends that could provide additional competitive advantages.According to the Strategic Partner Index Survey, IT leaders and vendors need to “forge relationships of trust and collaboration. Failure to do so puts both groups in peril.”

There’s no question that outside vendors can provide value to your organization, and each of the tasks mentioned here simply come with the territory of using them. Yet too often, the importance of each task is undermined by the lack of time and focus that it requires from tech leaders.

How to Ease the Burden

To alleviate the task for IT leaders and utilize vendors more strategically, one option to partner with a managed service provider (MSP). Certain MSPs have experience stepping in as an all-important liaison to act as a single point of contact between your business and multiple IT vendors. The right MSP may even possess many of the skillsets needed to replace of the need for some outside vendors altogether while managing the ones that are still needed.

Additionally, a good MSP is often more familiar with different vendors’ operational processes, and has the technical know-how required for communicating with each vendor. This deeper level of expertise puts them in a better position to evaluate whether certain vendors are indeed a strategic choice for your business.

Finally, MSPs often have a finger on the pulse of the IT industry—and can therefore strategically advise your business on the latest and greatest industry-specific products or solutions that will fulfill your organizational goals.  Keep in mind, though, not all MSPs are the same—so if you’re considering going this route, be sure to ask upfront about the breadth of services and technical capabilities they provide.

Of course, vendor management is just one of the top pain points for today’s tech leader. What about cyber security? How are CIOs and CTOs managing all that’s required of them as security requirements grow? Stay tuned! We’ll cover cyber security in Part 2, Too Much To Manage: Top Challenges Facing Tech Leaders Today (And What To Do About Them).

About PSGi/Thrive

Partnering with PSGi/Thrive alleviates the growing challenges that tech leaders face today, including vendor management, cyber security and maintaining business continuity. PSGi picks up where other MSPs leave off, acting as a strategic industry partner who helps you understand how your system architecture can support your evolving business needs and goals. PSGi delivers the full package of services to bridge the gap between business software and your OS.  Thrive is a leading provider of next-generation managed services. Their technology solutions platform utilizes Cloud, Cyber Security, Networking, Disaster Recovery and other pioneering managed services to help compliance-driven businesses solve complex IT issues. Thrive was acquired by M/C Partners in 2016 as a Northeast United States growth platform to service the Financial Services, Healthcare, Biotech, Life Sciences, Banking and other mid-market verticals.

The post Too Much To Manage? Top Challenges Facing Tech Leaders Today (And What To Do About Them) appeared first on Thrive.

As annoying as it may be, there are valid reasons for this security feature in Office 2013, which first appeared in Office 2010. As explained by the Microsoft Office Engineering Team…

“Files from the Internet and from other potentially unsafe locations can contain viruses, worms, or other kinds of malware that can harm your computer. To help protect your computer, files from these potentially unsafe locations are opened in Protected View. By using Protected View, you can read a file and see its contents while reducing the risks..”

It goes without saying that you shouldn’t open a document from a sender that you don’t know. If you’re ready to turn off this annoying alert permanently, here’s how you can do it:

1. Open any Office 2013 application (Ex: Word or Excel).

2. Click on Office or File button, and select Options.

3. Under Options select “Trust Center” in the left pane.

4. Click on Trust Center Settings in the right pane.

5. Click on the Protected View in the left pane of “Trust Center” window.

6. Check/Uncheck Protected Mode Options below to fit your needs

If you want to take advantage of this security feature in a customized way, you can actually go back to step 6 and set specific Trusted Publishers, Locations and Documents right from this Window.

Unfortunately, you need to apply these setting to each Microsoft Office application individually.

Hope this tip is helpful and saves you some time!

Click here to learn how to Turn Off Enable Editing in Microsoft Office 2010.

The post How to Turn Off “Protected View” in Microsoft Office 2013 appeared first on Thrive.

If you were to conduct a survey of businesses to discover whether or not they are happy with their patch management strategy, the majority of them would likely say that they struggle with patch management processes and are overall dissatisfied with their patch management system. If you are one of the businesses that is constantly burdened by patch management, here are a few of the most common issues companies face and how a managed patching provider can help.

Lack of Report Availability

Depending upon the system you are using, lack of access to detailed reports is a common problem with a lot of businesses. Patching reports which are lacking in detail can place a number of devices and applications at risk, not to mention your entire infrastructure. And, if you are an organization which must meet specific industry compliance standards, this can prove to be disastrous.

At the minimum, patch reports should be able to help you identify the status of security patches on all devices across the organization. This includes devices which are missing patches, patches which have been installed on specific devices, and the number of devices which require updates, to name a few details in a patch report. The more advanced reporting systems help you to stay on top of a complete patch management system using automated processes and the latest reporting technologies.

Unexpected Patch Failures

Most patch management systems are not designed with the capability to detect events in advance which may lead to a patch failure. When patch failure occurs, it leaves the system open to vulnerabilities and attacks as the result of a patch which has become corrupt.

By having access to the latest patch management technologies, you can easily identify a condition which may cause a patch to fail before it poses a security risk to your infrastructure. Instead of simply checking to see if a patch is listed, the latest reporting technologies will indicate a potential problem in advance to allow you to resolve the situation before disaster strikes.

Local Area Networks and VPNs

The majority of the patch management systems are designed to monitor patching on internal servers. This limits their capability to monitor mobile devices and machines in a remote location which are outside of the company network. The end result is only the devices connected to the Local Area Network (LAN) or a Virtual Private Network (VPN) are being monitored by the patch management system. Meanwhile, mobile and remote users are accessing web-based applications without connecting to the internal network.

A managed patching provider can provide you with access to the latest patch management technologies without having to invest additional costs to deploy the architecture necessary to monitor devices outside the network. This typically requires redundant servers and other deduplication technologies which increase costs and leave the system vulnerable to human errors.

Unexpected Patch Failures

Most patch management systems are not designed with the capability to detect events in advance which may lead to a patch failure. When patch failure occurs, it leaves the system open to vulnerabilities and attacks as the result of a patch which has become corrupt.

By having access to the latest patch management technologies, you can easily identify a condition which may cause a patch to fail before it poses a security risk to your infrastructure. Instead of simply checking to see if a patch is listed, the latest reporting technologies will indicate a potential problem in advance to allow you to resolve the situation before disaster strikes.

Manual Patching

Businesses that do not have access to the latest patch management technologies commonly use traditional manual patching processes which require widespread scripting in order to effectively install device patches. This process is very time consuming and vulnerable to human error.

The manual processes typically include patch monitoring and updates, patch assessments, creation and distribution of patch packages, installation confirmations, and continual monitoring processes. This adds up to a significant time investment when you are using a manual process. This is where a managed patching provider can easily provide you with access to the latest best practices and automated processes, in addition to focused expertise on effective patch management strategies.

Problems Meeting Compliance Requirements

Effective patch management plays an important role in meeting industry-specific compliance requirements. This means additional costs for businesses with limited budgets which can lead to hefty fines if the standards are not met. For example, a Payment Card Industry (PCI) violation can command a hefty fine which can range up to as much as $100K for each month the standards were not met.

For this reason, a managed patching provider can oversee compliance requirements while providing your business with an affordable way to ensure your infrastructure meets all standards. A managed patching provider is proactive while using the latest technologies at a fraction of the cost of implementing necessary IT requirements in-house.

The latest patching technologies also include new features which can provide businesses with additional functionalities which open up new opportunities for improved services.

If you considering using a managed patch hosting provider to assist your company, contact Thrive Networks today to speak with one of our patch management experts.

The post 5 Common Patch Management Problems appeared first on Thrive.

New data backup and recovery technologies eliminate failure risks while increasing efficiency and promoting faster recovery time.  Additionally the newer technologies and services reduce network risks that often go undetected and provide solutions that reduce storage management and maintenance costs.

Every company has different data storage requirements that depend upon the type of industry.  In order to choose the best data protection solution it is important to know what your options are and why these options are the better choice for information security management.

Hosted Cloud Services

 Cloud-based data protection is an option that many companies are using due to its accessibility, reliability, and security.  Data storage in the cloud represents an affordable solution for many businesses because it has the capability to provide the best of both worlds which is immediate access to data while enjoying the reliability and security of offsite storage. Also, most cloud service providers offer different levels of vaulting solutions to meet industry compliance and regulatory standards.

In terms of protecting your servers and workstations, a quality cloud hosting provider is capable of backing up your servers in the cloud and data which is relevant to your workstations.  If your company experiences a hardware failure or natural disaster you can quickly recover by tapping into your resources with the cloud hosting service.

Onsite Data Storage and Backup

 Some companies deploy onsite data storage  to provide easy access to data.  By storing and backing up data onsite recovery time is faster than offsite storage and you can add storage as needed.

A few of the drawbacks of onsite data storage  is your company can suffer a complete loss in the event of a fire or flood if you are not using multiple backup methods.  Also, it is necessary for someone to monitor the system and perform backups on a routine basis.  Depending upon the data workload, onsite storage can also be costly in terms of hardware and maintenance.

 Offsite Storage and Backup

 Offsite storage is offered in a variety of different methods which include tape storage, data warehousing, or data storage strategies which are configured by the company.   Offsite data storage utilizes redundant data storage which provides multiple backup copies and can be designed for storage in multiple locations.

 Although offsite data storage eliminates the possibility of human error it can be costly and bandwidth intensive when it comes to ongoing backup.  The recovery process is significantly slower than onsite storage depending upon the methods that are used for recovery.

What we have described here are the primary options that companies consider for data protection and storage.  It is important to mention that multiple backup and storage methods are commonly deployed for added reassurance in the event of a disaster.

Data protection and backup  does not have to be complex.  To discover cost effective options for data protection, contact Thrive Networks for assistance with setting up a data protection and backup strategy.

The post How to Choose the Best Data Protection Solutions appeared first on Thrive.

First thing you should analyze is the workload on the workstations/servers.  Use an Simple Network Management Protocol (SNMP) monitoring system to help you monitor and manage your network resources. SNMP is a secure network management system which delivers real-time monitoring for your entire network infrastructure. Its objectives are:

• To find the highest traffic links
• To identify protocol errors
• To provide diagnosis of specific problems
• To describe the system’s configuration

It allows the administrator to free resources at time of need. This non-invasive tool automatically discovers all active IP addresses and monitors all devices and services in the network such as WAN Links, Servers and Applications.

After assessing the health of your workstations/servers you need to check security. If you already have an antivirus installed then you should make sure that it has been updated with the latest antivirus database. Do the same thing in case of a firewall.  If you don’t have an antivirus or a firewall you should get one ASAP.

The IP address listing function allows maximum resources available to the users of the network by restricting unauthorized access to the network. This allows users to connect to the network using IPs allowed by the administrator. For example if the network has 50 users then the IPs will start from 192.168.1.1 to 192.168.1.50. If a new user wants to join he/she will have to ask the administrator to make an IP available for him/her.

Now comes the identification of weak links. Weak links can be identified simply by using speed testing software. Here are some steps that will guide you:

1. Search for Local Area Network (LAN) speed testing software
2. Download  recommended speed testing software to get accurate results
3. Run it and let it complete
4. If your link speed is 100Mbps, then you should get a transfer rate around 11MB per second to show your network is healthy

Anything less than 7MB per second and you should be checking your wiring. If you want to check the speed of your internet connection you should do the same, except now search for internet speed. Also your transfer rate will be different, if you have a 10Mbps connection you will get a speed around 1.1Mbs per second.  To save time you can also use the SNMP to test connection speeds with all the computers on the server.

Regular check-ups are an excellent idea for all of us. Your network is no exception. That is why Thrive offers comprehensive Network Health Assessments to evaluate the performance and sustainability or your technology infrastructure. For more information on all of our IT services, please contact Thrive Networks today.

The post Tips on Assessing the Health of Your Network appeared first on Thrive.

As annoying as it may be, there are valid reasons for this new security feature in Office 2010, which is an improvement over security features in previous versions of Office.  As explained by the Microsoft Office 2010 Engineering Team…

“With any piece of complex software, over time new file parsing exploits against it may be found. The older Office binary file formats had been susceptible to these types of attacks. Over the past years hackers have discovered ways to manipulate Office binary files so that when they are opened and parsed, they cause their own code embedded within the file to run. To address these binary file parsing attacks in Office 2007, several new XML based file formats were introduced.”

If you are generally savvy enough to not open documents from suspicious sources and enjoy an occasional walk on the wild side, well then here is a quick “how-to” on just turning the darn thing off permanently:

1.    Open any Office 2010 application (Ex: Word or Excel).
2.    Click on Office or File button, and select Options.

3.    Under Options select “Trust Center” in the left pane.
4.    Click on Trust Center Settings in the right pane.

5.    Click on the Protected View in the left pane of “Trust Center” window.
6.    Check/Uncheck Protected Mode Options below to fit your needs

If you want to take advantage of this security feature in a customized way, you can actually go back to step 6 and set specific Trusted Publishers, Locations and Documents right from this Window.
Unfortunately, you need to apply these setting to each Microsoft Office application individually.

Hope this tip is helpful and saves you some time!

The post How to Turn Off “Enable Editing” in Microsoft Office 2010 appeared first on Thrive.